As the United States doubles down on AI investment and adoption, the conversation around AI agents is shifting from capability to trust. The question is no longer whether AI agents can perform complex tasks — they demonstrably can — but whether they can do so in a way that organizations can verify, audit, and ultimately trust. This trust question is fundamentally an identity question, and it is exposing gaps in how we think about authentication and authorization in a world where non-human actors are increasingly autonomous.
The biometric identity community has spent decades building systems that answer one question with high confidence: is this human who they claim to be? Fingerprints, facial recognition, iris scans — these are all designed to bind a physical person to a digital identity. But they are entirely useless for answering the question that now matters most: is this AI agent authorized to perform this action on this system at this moment? The trust frameworks that work for human identity verification don’t translate to machine identity governance, and the gap between the two is where risk accumulates.
What is needed is a new class of identity verification that operates at the intersection of machine identity and behavioural trust. An AI agent’s trustworthiness cannot be established at a single point in time — it must be continuously evaluated based on what the agent is doing, what it has done before, and whether its current behaviour matches its intended purpose. This is less like a biometric scan and more like a continuous authentication system that evaluates context, behaviour, and privilege in real time. The agent’s identity becomes not just who it is, but what it is supposed to be doing, and whether its actions align with that expectation.
For the NHI security discipline, this represents both the biggest challenge and the biggest opportunity. The organizations that figure out how to establish continuous trust for AI agents — through machine identity governance, runtime behavioural monitoring, and automated policy enforcement — will be the ones that can safely deploy agentic AI at scale. Those that treat AI agents as just another type of service account, governed by the same static policies designed for human users, will find themselves managing an increasingly untrusted population of autonomous actors with privileged access to their most critical systems.